UC, NKU expand cybersecurity programs amid growing threat

Jun. 4, 2013

Provided

Written by

How to protect yourself from cyber attacks

Never click on links in e-mails. If you think it is legitimate, go the site and log on directly. Never open the attachments from a retailer or other company. Do not give out personal information. Set secure passwords, avoid using common words or phrases, and update regularly. Keep your operating system and browser up to date. Verify authenticity of requests from companies. Contact them directly. Pay close attention to URLs. Malicious sites sometimes use a variation of a common spelling. Source: U.S. Department of Homeland Security

Common methods used by hackers

“Trojan Horse” programs: Tricks users into installing back-door programs allowing access to their computer. Denial of service: Causes a computer to crash. Distributed denial of service: Uses compromised computers as launching pad to attack other systems. Mobile code: Intruders can change codes such as Java to gather information. Packet sniffing: a program to capture data from “packets” of information traveling over the Internet. Source: www.armor2net.com

Farooq Alkhateeb of Independence just graduated from the University of Cincinnati, but he isn’t terribly worried about finding a job.

He majored in information technology and founded a campus group called Cybercrime Cats.

“There’s so many opportunities, it’s almost hard to sift through them all,” he said.

Fueled by an increase in cyber attacks on critical infrastructure – nearly 200 last year compared to fewer than a dozen in 2009, the federal Department of Homeland Security says – cybersecurity has become among the hottest job markets in the country and an increasing focus of universities.

While it’s clearly become a cool major for students to consider, it also carries a dark side: Hackers launching attacks that can devastate the daily lives of citizens and put businesses into panic as their most basic systems are infected.

Online attacks can disrupt banking, health care or even electronic identities, as well as infrastructure such as utilities or financial markets that could disrupt daily lives for millions of people.

Analysts earn median pay of about $75,000 a year and more than 65,000 new jobs will be created by 2020, the federal Labor Department says.

Those workers are desperately needed, experts said, because the quest for information online is multiplying just as the need for security becomes more critical.

“This isn’t a fad,” said UC political science professor Richard Harknett, a member of Ohio’s Cyber Security Education and Economic Development Council. “We keep doubling down on this. We’re doubling down on an insecure infrastructure for convenience and efficiency.”

Whether the motive is money, strategic advantage or simply to wreak havoc, the attacks have gotten more serious and more brazen during the last few years.

The Obama administration recently accused China of of mounting a series of cyber attacks on government or military targets.

And earlier this year, prosecutors in New York arrested several people after hackers managed to steal $45 million by illegally tapping into automated teller machines more than 40,000 times.

Attacks can range from using infected attachments to hack into personal e-mails, to sophisticated schemes that use one computer as a launching pad that can tap into large data storehouses.

For every confirmed attack, there are thousands of attempts.

For example, utilities across the country have reported nearly constant attacks. According to a congressional report last year, one utility reported it was the target of 10,000 attempted attacks each month.

Last year, Homeland Security processed about 190,000 “cyber incidents” against critical infrastructure or federal agencies, up 68 percent from the year before.

The stakes are immense.

“Our daily life, economic vitality and national security depend on cyberspace,” top Homeland Security officials said in written testimony to Congress earlier tin May. “A vast array of interdependent IT networks, systems, services, and resources are critical to communicating, traveling, powering our homes, running our economy, and obtaining government services. No country, industry, community or individual is immune to cyber risks.”

'It's kind of scary
how simple it is.'

With the problem growing, universities are stepping up academic programs to provide the workers they will need.

Nearly every university teaches computer science and information technology courses. The newest trend is packaging those courses into certificates and degree programs aimed at supplying workers to a far-flung network of cybersecurity employers.

For example, Northern Kentucky University will debut its data science major this fall and a group of students on a cyber defense team have shown success in national competitions.

Yi Hu, the NKU computer science professor who coaches the team, said students learn the importance of maintaining customer service even in the face of a behind-the-scenes attack.

“Not only do students need to have a skill to defend their systems, they need to have the skills to fight back,” he said.

Starting this fall, UC will offer a cybersecurity certificate including classes from political science, criminal justice and information technology.

In a class this spring, Harknett and colleague Mark Stockman set up scenarios for their students, including one in which a group including Alkhateeb modeled an “attack” on a bank in the Middle East, reading actual code that showed exploitable flaws in the bank’s web pages to steal credit card numbers.

“We said, ‘This area of the world is growing so fast that they’re probably not worrying too much about security,’ ” Alkhateeb said. “It’s kind of scary how simple it is.”

In that case, the attackers’ motive was stealing millions of dollars, but the design of any attack often is not that simple.

In another scenario in the UC class, students studied how to attack a California water treatment plant.

Playing a series of scenarios by rolling dice to reflect probability of success, the group got a plant manager to respond to a Facebook invitation, opening the door to they were able to hack into his computer and company data.

Overall, Alkhateeb said, anyone with basic knowledge of coding and IT infrastructure can launch attacks.

“If anybody tells you it can be 100 percent foolproof, no,” he said.

Potential jobs are only one reason programs teaching cybersecurity are so popular with students.

“Hackers are becoming like the cool thing now,” he said. “But your goal should be learning what the hackers are doing and how to defend against it. That’s even more fun.”⬛